Security

DRM and unintended consequences

Chad Perrin analyzes the inherent problems of DRM, its security, and its negative affect on business.

Back in November 2007, I hinted at the inherent problems of DRM software in the article Radiohead knows more than Microsoft about security. I didn't really address DRM itself in any detail, however. I'll address it now.

Technical problems

As you might have gathered from the Radiohead article, DRM is essentially ineffective. Its only successes are in treating legitimate customers like criminals. A determined (and competent) security cracker can always find a way to circumvent DRM.

In April 2007, Ars Technica reported on the statements by one of the people involved in the Xbox-based AACS key crack that allowed them to circumvent the HD-DVD format's DRM. Before that, any AACS cracks have been "fixed" by "expiring" compromised content decryption keys and issuing new keys with new content. This meant that already cracked and released keys could be used to circumvent DRM on older content, but not on anything released after the new keys were issued. Such solutions to the problem don't address the real problem, though -- that the new keys can be extracted as well, as demonstrated by the Xbox-based crack.

Ultimately, there's no way to really protect content from its users without simply preventing the users from accessing it at all. DRM "protects" content by encrypting it and preventing the user from accessing it in unauthorized ways -- including copying it. To be worth selling, though, it has to be accessible in authorized ways -- including actually playing the content on an authorized player. This means there must be a way for the player to decrypt the content.

There are at least two different ways to leverage the necessity of decryption to circumvent DRM:

  1. You can access the content after it is decrypted. AACS standards require specific characteristics for authorized players to make it difficult to capture content after decryption to make unauthorized copies, but ultimately the only reason this DRM circumvention technique is not used more often is because it is usually easier to get the decryption key than to capture the content between decryption and display.
  2. You can access the decryption key, then use it to decrypt the content and capture it at your leisure. For the decryption key to be used in an authorized manner, it has to actually be used -- which means it has to be accessible to the decryption software. If it's available to the decryption software, it's available for a security cracker to discover.

The entire AACS saga highlights the core weakness of DRM. The point of DRM is to simultaneously prevent the user from accessing content and allow the user to access the content. The way DRM like AACS does this is by encrypting content, then providing the decryption keys needed to access the content and trust that users are too stupid to access the keys in an unauthorized manner.

As long as you want your customers to access the content at all, you have to resign yourself to the harsh reality -- that once you give the customers access, you can't take it back. Any other approach to it just means you're lying to yourself.

Social problems

Since DRM is ultimately ineffective at stopping the people the purveyors want to stop, it's not really protection against copyright infringement. That leaves two things that DRM could be:

  1. If you subscribe to the notion that information is and should be the property of the person first disseminating it, DRM is just an insult to your customers. It restricts the ability of end users to access the content in legitimate ways by treating them like criminals, interfering with fair use, and even preventing customers from doing something as simple as watching a movie without getting a new DVD player just to satisfy your paranoia. This, of course, assumes that your customers won't just circumvent DRM.
  2. If you subscribe to the notion that "information wants to be free", or that the possessor of information should be able to do whatever he or she wants to do with it, or that copyright law is simply wrong, DRM is worse than an insult -- it's a violation of the rights of every single customer.

Either way, it's just a bad way to do business.

People react negatively to the way content providers are treating their customers. People who would otherwise just buy content and use it the way the content providers would like them to are becoming irate, boycotting the worst offenders among content providers and even infringing copyright themselves in some cases. I'm sure Sony/BMG isn't even aware of how much damage it has ultimately done to its own business by mistreating its customers.

Some groups are even making concerted efforts to make life difficult for DRM users by preventing them from effectively using resources that are generally accessible to everyone else. The third version of the GPL, for instance, requires DRM software licensed under its terms to make any "authorization keys" available with the source code:

"Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source.

In the GNU Quick Guide to GPLv3, it says:

It's always possible to use GPLed code to write software that implements DRM. However, if someone does that with code protected by GPLv3, section 3 says that the system will not count as an effective technological "protection" measure. This means that if you break the DRM, you'll be free to distribute your own software that does that, and you won't be threatened by the DMCA or similar laws.

Unintended consequences

As I've already pointed out, there are some negative consequences for saddling your customers with DRM. DRM isn't the only problem here, though. Anything that attempts to restrict what people can do with what you've given them can have similar negative consequences. I need to be perfectly clear here: I'm talking about what you can do -- not what you should do. When you try to restrict what people can do by applying rules across the board to anyone and everyone, you sometimes end up stopping people from doing what they should do.

The problem is unintended consequences -- in trying to restrict what people can do, you may end up having the opposite of the intended effect. This is the problem behind Germany and England, and even parts of the United States, trying to outlaw network administration tools that could be used to crack security on others' networks, because those tools are also used by people who secure our networks against malicious security crackers. By the same token, it is also the problem behind trying to prevent people from writing DRM software without destroying the effectiveness of the software at the same time.

By mandating that any "authorization keys" must be provided with the source code in the GPL, version 3, the GNU Project is effectively saying that certain types of software development using code distributed under terms of the GPL cannot be allowed to be as effective as its developers could otherwise make it. This discourages certain types of security software research with GPLed code, discourages greater adoption of open source software by commercial entities, and could easily have further unintended negative consequences that have not become as obvious as these.

April Fools?

This is probably where some of my readers expect me to say "April Fools!" It's the first of April, after all. I just got done saying, first, that DRM used to "protect" content is bad, and second that we shouldn't try to prevent anyone from creating DRM systems -- which probably seems contradictory.

None of this is a joke, though. I guess I just can't come up with a good one for April Fools' Day this year. There's no contradiction in what I said.

It's all based on ideas like Kerckhoffs' Principle and Shannon's Maxim -- a rephrasing of the basic concept in Kerckhoffs' Principle that says "The enemy knows the system." Ultimately, it all just means that trying to interfere with the way people use what they have by keeping its internal workings secret is doomed to failure. The common thread is that security cannot be bought with attempts to restrict how people might use what you've given them.

Someone who intends to circumvent your security measures will not be stopped by the attempt to convince them to ignore what's already in plain view.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

100 comments
hlhowell
hlhowell

I haven't been to a movie for months. I occasionally rent a movie, but less than 2/month. DRM is not a practice of a free nation, but one of a nation led by more maniacal politicos, wanting to control that which they cannot make on their own, and attempting to control others. Worse the implementations sought are patently wrong, and would be prosecutable offenses should we practice them on our own creations. Pardon me for borrowing yet another political phrase: "Just Say No!" (actually I heard it first from my grandmother). Regards, Les H

Altotus
Altotus

No one owns information just the right to copy. When an industry (the few) to copy existed this was relevant. Now EVERY one on earth can copy now without cost. The old models are not relevant. Economics ASSUMES there is not enough to go around. That which is in supply has no economic value. Worthless by the very definition of economics.

BALTHOR
BALTHOR

One of these days they will all run out of intellect and things will operate as per design.

TripleII-21189418044173169409978279405827
TripleII-21189418044173169409978279405827

Now that BD+ is cracked, I can't help but laugh at Sony and all the studios who were salivating over BD+ driving re-sales and "protecting content". Truly, how many hundreds of millions of $s has been wasted on "MaybePlays", AACS, now BD+ and driven up the cost of content and players. Anyway, I have never, and will never purchase DRM infected content (and as much as I detest the RIAA/MPAA, I won't download it illegally either). That's were Amazon MP3 is great. Over 600 song purchases so far. I suspect it will take 3 years and the MPAA will simply have to give in like the RIAA and just sell content for a reasonable price in a format that anyone can use. In the meantime, go DRM, keep throwing good money after bad, it only HELPS the smaller players take more of your market and makes the "big studios" less and less relevant. TripleII

Jaqui
Jaqui

Digital Rights Management A misnomer if there ever was one, since it is far more accurate to call it Digital Rights Enforcement or DRE. What the content providers are doing has zero to do with managing their rights, only attempting to enforce their rights, [b]at the expense of their customers.[/b] In this, the open source model shows how much better it is at inducing respect for Digital Rights / Copyright / Copyleft, ... . There are proprietary applications for the open source operating systems, most of which are very highly priced. an example: SOFTIMAGE|XSI System Requirements Choose a version of XSI and an Operating System: Version 6.x * XSI for Windows XP Professional * XSI for[b] Linux[/b] $4,995.00 Yet you can look through the peer to peer file share networks and it is very hard to find these applications in them, compared to windows based applications. Why would this be? after all, software is software, and software crackers / thieves don't worry about little things like licenses. Maybe it's because those USING open source have so much given to them for free, with only a requirement to recognize the copyright, that they not only HAVE THE MONEY for expensive software they need / want, they are much more willing to live by the "right thing to do" and not steal it. Since I only have open source software powering my systems, the encryption used for the movies has made it so that I do not bother buying a dvd / blue-ray with a movie on it. Most likely I would have to fight to get it to play on my computers. Not worth it. I don't go to the theatres, nor own a television and player to use the disks on. the Movie industry can stop screwing me over by blocking my operating system from playing the content if they want ANY of my money. My personal boycott means I will not even accept a free pass to a movie. So DRM has saved me a fair amount of money, all of which went straight into more computer hardware running linux. Microsoft's DRM/DRE, more commonly called WGA/MGA. We all know I'm not a fan of Microsoft, but these digital rights management implimentations go far beyond what is commonly seen. Remember those law suits Microsoft filed against several Chinese companies for distributing pirated versions of Microsoft's software? Those lawsuits are legal proof that Microsoft is distributing SPYWARE with their products. [ There has to be personally identifiable information being transmitted, or else Microsoft could not have file the lawsuits. ] That isn't the worst issue with it though. The worst issue is that around the same time that the lawsuits were filed there was a fair amount of noise in the blogosphere about how the WGA/MGA work. With 2 function calls these drm programs [b]completely disable the system security[/b] of Microsoft's operating system, Windows. That is, to me, incontrivertible proof that use Microsoft's products in any environment where there are laws requiring data security for privacy protection is a violation of those laws. Since it is so trivially easy to circumvent the security of their products, [b]Microsoft intentionally designed their products to put the end user into violation of privacy protection laws.[/b] Guess what [ insert national government / multinational business here ] you are in violation of the privacy protection laws in every country you have an office in that has them, since you have Windows and Microsoft office on your computers. The Anti-DRM in the GNU-GPL Version 3 The only thing I really have to say about this: GNU-GPL V3 is not usable by me, primarily because of these sections of it. [ I have a couple of other reasons that are off topic so I'll not detail them ]

apotheon
apotheon

You didn't think DRM actually worked against a determined attacker -- did you? How do you feel about the GPLv3's anti-DRM provisions?

JCitizen
JCitizen

and I want it legal. Only problem is the content with DRM doesn't work! The rippoff continues!

apotheon
apotheon

What the record industry tries to sell us is access. Access is easily had, though, in many cases -- because digital copies can be made essentially for free, and distributed essentially for free as well. It's trying to use the law to create artificial scarcity, thus allowing it to make money off something that isn't actually scarce. It is, fundamentally, trying to restrict the growth of wealth: as scarcity dwindles, our wealth as a society increases. Artificial scarcity is a means of retarding progress, and keeping wealth out of the hands of those who do not have the power to affect policy. You might have noticed I'm not much of a fan of the RIAA.

The Scummy One
The Scummy One

It should have been stated that one of these days, they will gain some sort of intellect, and then things will start to run as it should. Just my opinion!

Dumphrey
Dumphrey

seen in a long time. Thanks for the reminder Balthor :)

The Scummy One
The Scummy One

I heard on the radio a couple of days ago that the RIAA was looking for payment if a person has certain peer to peer SW on their system. Even if the SW was not used for illegal purposes, they were planning to 'fine' users who downloaded and installed it because there was 'potential' for losses to the music industry. The sad part is that they also reported that after speaking to lawyers, that the best suggestion is to pay the fine regardless of wrongdoing, and then look into getting it back through legal means. How senseless is that? if you did nothing wrong, you still gotta pay the fine because the RIAA says so?? I never really followed up cause I dont have peer to peer SW on my home systems and do not download music/movies. So, I should be free from fines myself. But yes, I have to agree and laugh at their attempts and the money they throw away to try to curb this, knowing full well, all it will take is a little time and it will be cracked.

Dumphrey
Dumphrey

"In the meantime, go DRM, keep throwing good money after bad, it only HELPS the smaller players take more of your market and makes the "big studios" less and less relevant." Kind of cold war approach.. since the money [developing drm]is in fact a true waste of income, encourage them to spend it? Leading to a loss in revenue, leading to increased prices, leading to reduced sales, leading to... a vicious circle. The question is HOW do we convince them to double and triple their DRM expenditure?

apotheon
apotheon

"[i]A misnomer if there ever was one, since it is far more accurate to call it Digital Rights Enforcement or DRE.[/i]" I was leaning more toward DRM, for "Digital Restriction Malware". It's software that tries to restrict my digital activities, so "digitial restriction" makes sense. I don't want software doing so, and it has been known to install itself without permission on people's computers, so "malware" fits. "[i]Since I only have open source software powering my systems, the encryption used for the movies has made it so that I do not bother buying a dvd / blue-ray with a movie on it. Most likely I would have to fight to get it to play on my computers. Not worth it.[/i]" Hmm. That gives me an idea for a website that may be desperately needed. I'll have to see if I have the resources to make it happen (or whether it might already exist somewhere). "[i]With 2 function calls these drm programs completely disable the system security of Microsoft's operating system, Windows. That is, to me, incontrivertible proof that use Microsoft's products in any environment where there are laws requiring data security for privacy protection is a violation of those laws.[/i]" I'm sure you wouldn't be held legally responsible for doing so at this point -- but the worse implication, from my perspective, is simply that security is trivially circumvented on an MS Windows system. What gets me riled up about it is the damage to security, not the legal issues it might raise. "[i]you are in violation of the privacy protection laws in every country you have an office in that has them, since you have Windows and Microsoft office on your computers.[/i]" Well . . . that depends on what data is on the MS Windows computers, and how they're used. A system used only for printing out mailing labels or image editing for the website wouldn't be subject to the same privacy laws as a server housing a customer database.

phil
phil

DRM means people do not have cheap or free content without resorting to illegal downloads. Illegal downloads = spyware Some IT pros make money (or stay employed) partly because people download this stuff. As an IT services company each week we are fixing machines the users have broken through illegal downloads. So even though we hate efforts to restrict content unduely (DRM nearly always = expensive), it does keep us employed.

smukherjee
smukherjee

I think eventually you cannot give out high quality content for free , you need to have some safe guard if not a fool proof safe guard against un authorized usage of content . Besides no body knows what is in store for the future , perhaps some kind of Artificially Intelligent DRM Protected Content mutating with time may just be the cure to the piracy disease .

Locrian_Lyric
Locrian_Lyric

I purchase next to nothing these days. My own private boycott is likely having little effect, but I am not a criminal and refuse to be treated as one. When they decide to trust me, I will trust them with my business.

boxfiddler
boxfiddler

"Ultimately, it all just means that trying to interfere with the way people use what they have by keeping its internal workings secret is doomed to failure. The common thread is that security cannot be bought with attempts to restrict how people might use what you?ve given them." "Its only successes are in treating legitimate customers like criminals." How much music and how many new movies have I refused to purchase/rent since this ridiculous business began? Let the thieves have it... Couldn't agree more. No, this time not posting for students... ;)

JCitizen
JCitizen

one of the most abundant forms of carbon in the mantel of the earth, yet we pay dearly for it. Probably only worth about $1.80 a carat. DeBeers and others make it "scarce" with world wide buffalo jobs. Just my opinion.

Dumphrey
Dumphrey

intellect is whats interfering with our ability to live in harmony with nature and our surroundings. If we "loose our intellect" or to put it another way, become mind-less, or One with the moment, then we will be able to create a society as it was meant to be by the higher power. All citizens will be required to have tin foil hats if I have any say.

RFink
RFink

A man is on trial for running moonshine. Judge: How do you plead? Defendant: Not guilty DA: Isn't it true that you own a still? Defendant: Yes, I do. It's a fully operational conversation piece. It has never been used. DA: Doesn't matter. In the eyes of the law you're guilty. Defendant: In that case, you'd better charge me with rape too. Judge (surprised): Are you confessing to rape? Defendant: No, your honor, but I sure as hell have the equipment.

Dumphrey
Dumphrey

In that the "fine" for having the SW installed will be low enough to be paid fairly easy, but high enough to represent some money for the industry. Paying up front, and admitting guilt and creating legitimacy for the law, will be significantly cheaper then fighting the RIAA in court. (IE why spend $500 on a lawyer and a day in court on a $25 parking ticket that was wrongfully written.)

Locrian_Lyric
Locrian_Lyric

hmmmm, one way would be to 'leak' information on the latest DRM being cracked... whether that fact was true or not would be irrelevant. Of course a few boasts on how much money the DRM studios are losing because it was cracked would help....

Jaqui
Jaqui

[i]What gets me riled up about it is the damage to security, not the legal issues it might raise.[/i] It's the legal issue aspect that will push corporate change in software selection though. I agree, the trivial aspect of circumventing security is the real issue, it's just not the way to actually get anything changed. [i]A system used only for printing out mailing labels or image editing for the website wouldn't be subject to the same privacy laws as a server housing a customer database.[/i] except that there are not very many organizations using machines for a dedicated purpose, 99.995% are using them for multiple purposes, so the argument isn't really valid for any significant number of users. [i]I was leaning more toward DRM, for "Digital Restriction Malware". It's software that tries to restrict my digital activities, so "digitial restriction" makes sense. I don't want software doing so, and it has been known to install itself without permission on people's computers, so "malware" fits.[/i] I agree, malware fits in the implementation, the Enforcement fits with the intention of those implementing the crap. [i]Hmm. That gives me an idea for a website that may be desperately needed. I'll have to see if I have the resources to make it happen (or whether it might already exist somewhere).[/i] hmm? do tell. http://showmedo.com made a minor [ major ] change today, they clarified their mission statement.: [b]ShowMeDo is about learning Open Source by watching it get done, the programming languages which build it, the tools that make those languages more productive and fun to use, and of course the software and applications that mark its achievements. We aim to provide a free, clean, ad-free environment wherein members of the Open Source community can show the cool stuff going on. We're here to help address the need for good documentation and tutorials, the lack of which, we believe, prevents some great software from gaining the popularity it deserves. If you want to contribute, just join-up and submit a video. It's a great way to give something back.[/b] which is slightly off topic, but an interesting site. python scripted. ogg video format used to make the flash videos with no problem. my installation of PCLinuxOS into a vm video on it is #102 of the top 548, in a month. http://showmedo.com/videos/video?name=1950000&fromSeriesID=195 [ the video I put up. being remade today so audio will improve by tomorrow. ] going to make a first boot configuration change required video today, and fix audio track of the install video.

Neon Samurai
Neon Samurai

Being happy about spyware driving your computer support business is a little like being happy about drug addiction because it keep bringing people back for rehabilitation. It seems rather parasitic ultimately to promote a negative trend in software development.

shardeth-15902278
shardeth-15902278

DRM, as apotheon (and others) mentioned, means treating the customer as a criminal. Treat people like criminals, they act like criminals. Treat people fairly and with respect, and they are more likely to listen to you - and believe you - when you say it is immoral to enjoy the hard-work of talented performers, without rewarding them for their work. "copyright violation" can be more effecitvely enforced as social mores, than as law. Yes, this shift may have a negative impact on the Metallica's and Brittny Spears's and other uber-performers, and it will impact the RIAA and other organizations, who exist primarily (solely?) on litigation, but for the actual content creators, it could be a real boon. (nearly) free distribution of their work, in a framwork where it is expected that ownership and contact info will be maintained, means more potential fans will discover them, and have access to the means to pay them for their work (and will pay them or be shunned and ridiculed by their peers). Less money will be required to support the artist, as all the costs associated with anti-piracy litigation, and DRM research and implementation will be taken formthe equation (There may be a significant increase in out-of-work entertainment lawyers, to resolve...). This model is already how I discover music and movies of interest to me (most all of my recently music dicsoveries have been though you-tube actually, either a recommdnation link from a video of a band I was familiar with, or the backdrop music (probably illegally used) for someone's homebrew video (and let me tell you, It seriously irks me when they neglect to credit the artist, leaving me trying to find them via goole searches on lyrics (which really sucks if it is an instrumental piece)). It is a workable model. It increases the opportunity for a greater number of artists to make a living (not a fortune, but a living) with their particular talent.

apotheon
apotheon

"[i]I think eventually you cannot give out high quality content for free , you need to have some safe guard if not a fool proof safe guard against un authorized usage of content .[/i]" No you don't. Look at the [url=http://blogs.techrepublic.com.com/security/?p=363]Radiohead example[/url], or the [url=http://www.mysql.com]MySQL example[/url]. Look at the [url=http://techrepublic.com.com]TechRepublic example[/url], for that matter! There are ways to make money off free content -- and they're more robust business models than those that involve trying to maintain a content monopoly with per-content payments and technological enforcement mechanisms. The Radiohead, MySQL, and TechRepublic examples aren't perfect. All three could do better with a "free content" business model than they are doing already. They pretty much lay the ground work for how such a model works, however. "[i]Besides no body knows what is in store for the future , perhaps some kind of Artificially Intelligent DRM Protected Content mutating with time may just be the cure to the piracy disease .[/i]" That argument doesn't work. If someone comes up with an artificially intelligent DRM scheme, someone else will come up with an artificially intelligent DRM-cracking mechanism. . . . and "piracy" isn't a disease. It's the economy routing around monopoly because, just as the Internet treats censorship as "damage", so too does an economy treat monopoly as "damage". In other words, copyright is the disease to the economy, if there is a disease at all.

Dumphrey
Dumphrey

http://www.schneier.com/essay-157.html after you filter out the Vista only ranting, the overall theme applies to DRM in general. http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.html As well. I appologize for the Vista-centric posts. I had some more generic but I can not find them ATM. Overall, DRM has to work by FM (Freaking Magic) because it has to break laws of reality. It has to prevent you for accessing data while allowing you to access data. Unfortunately, to decrypt the content, the key HAS to be available to the end user (player/software etc). If you have the key, the protection is now null and void. So they will have to build DRM to protect the DRM, to protect the DRM....

Jaqui
Jaqui

I will not give them any of my money until they change their ways. [ I also do not steal from them, no illegal downloads / copies. ]

JackOfAllTech
JackOfAllTech

If enough of us had the fortitude to just say no and stop buying ANYTHING that had any kind of DRM attached to it? Eventually, even the idiots that run those companies would realize they were losing money and give in.

apotheon
apotheon

"[i]Just my opinion.[/i]" That's not just your opinion.

Dumphrey
Dumphrey

and its very short, no more then 100 pages, and really, only the first 20 or so actually matter. Its actually been floating around for a long time now, its just never made the "best seller list" among Buddhist students. Ive owned many copies of that book so far, along with ClockWork Orang, Man's Search for Meaning, and Lamb. For some reason I never get any of them back if I lend them out :\ the Primes of On Having No Head is simply that. The author one day while in the mountains realized that his head was an illusion, since he could not see it, and his body changed size and shape based on his perspective. By reading his descriptions, and trying to "match" his experiences, you can put yourself in a cognitive position where you alter your sense of self and how you relate to the world. All starting with the interpretation of our visual input. On one hand its a trick in that we are "fooling" our selves, and on the other hand, its also the truth. It depends on perspective.

apotheon
apotheon

"[i]Though I think a case could be made for them being identical under certain circumstances and uses.[/i]" Perhaps. "Mindfulness" makes for a better term in English, however, because of the connotations associated with the word "mindless" -- and "mindfulness" is a very commonly-used term in Buddhist circles, whereas I haven't ever encountered "mindlessness" in the same context before this. "[i]I guess mindless would be more of a tao interpretation of a similar phenomena....[/i]" No, not so much. [url=http://tao.apotheon.org]Taoism[/url] doesn't have the same "denial of self" focus as Buddhism. If you're familiar with [url=http://www.sacred-texts.com/bud/zfa/zfa10.htm]the mirror metaphor[/url] from Buddhist tradition, you should immediately recognize the Buddhist "there is no self" impulse -- existential nihilism, basically, though without the negative associations usually assigned to the term "nihilism". Meanwhile, Taoism makes no pretensions of eliminating the self from the equation -- it just doesn't see the point in asserting either the existence or non-existence of such an artificial concoction as "self". "[i]One of the best "translations" of eastern thought into western thought.[/i]" I haven't read that one. Maybe I should add it to my [url=http://tao.apotheon.org/?f=library]collection[/url]. Just noticed the list at that URL is out of date. Hmm. It might be in need of some editing soon.

Dumphrey
Dumphrey

mindful vs mindless. Though I think a case could be made for them being identical under certain circumstances and uses. It would depend on if you included the ego and individualization in "mind" or not. I guess mindless would be more of a tao interpretation of a similar phenomena.... Will have to think about this some today. http://www.amazon.com/Having-No-Head-Rediscovery-Obvious/dp/1878019198 One of the best "translations" of eastern thought into western thought. Scummy: Life with no caffeine is no life at all.

The Scummy One
The Scummy One

see, I can appreciate this train of thought. As long as caffeine was still around to 'aid' in my mindfulness that is!

apotheon
apotheon

Actually, the term you're looking for is [url=http://en.wikipedia.org/wiki/Mindfulness][b]mindfulness[/b][/url], not "mindlessness". The idea is that you let go of the petty concerns of your everyday life, and let your mind focus on the here and now -- taking a mindful approach to your every action, becoming as one with the rhythms of your life. Nirvana is a state of enlightenment that it is generally believed (by many Buddhists) can only be achieved via mindful living. A similar Japanese term particular to Japanese branches of Buddhism (notably Zen Buddhism) is "satori". There are some definite similarities between the Zen Buddhist concepts of satori and mindfulness and Taoist ideas, too -- which isn't surprising, considering Zen Buddhism is basically what happened when Buddhism met Taoism in China, then migrated to Japan.

Dumphrey
Dumphrey

making fun of my HAT! JK The state I was trying to describe is closer to that of Buddhist Enlightenment or Nirvana. Having no real experience of said state its difficult for me to describe :\ And i agree whole heartedly that greed is the issue. My personal opinion is that greed is eged on by intellect, but also by the dark insecurities fro our ego/sub-conscious/shadow-side/[vague pop-psych term here]. I am not recommending we live like either monkeys or like in Idiocracy [one of my favorite movies], but like evolved human beings who are able to finally admit and transcend our animal behavior patterns. Juts for you, foil hats will be optional.

The Scummy One
The Scummy One

are you suggesting that we all start living like monkeys? Or, are you suggesting that we all live like in the show idiocracy?? either way, I find the idea disturbing. However, the problem isnt intellect, it is greed, pure and simple. It may be being enhanced due to intellect, but it is very much greed which causes many problems such as this. Therefore just making us mindless or un-intellectual will not stop the problem at all. and to note, I dont believe in 'the higher power', like many. Also to note, I would be very upset if I was forced to wear anything, let alone something as stupid as a tin foil hat.

shardeth-15902278
shardeth-15902278

The weird clause on Financial aid for universities, requiring them to block potential piracy mechanisms, and pay for "legal" content access solutions for students, (what the govt. is doing placing stipulations like that is still a mystery (well, maybe nt so much)...)

The Scummy One
The Scummy One

was implied in my original post, but it was stated as pay the fine, they try legal recourse. However, I didnt actually say to sue. But yes, this is a good option.

Dumphrey
Dumphrey

there is some sense left to our judicial system. And LL's idea of counter suite is also very fine. If enough people did do, eventually the system would be forced to change or evaporate.

Locrian_Lyric
Locrian_Lyric

counter-sue. then they'll have to defend THEMSELVES, and their lawyers will cost them a whole heck of alot more than losing to them will cost you.

The Scummy One
The Scummy One

last night, but didnt save the link. It said that the courts ruled yesterday that the RIAA cannot fine for people having P2P SW installed. They can only fine if they can prove that illegal files were downloaded, or uploaded. However, the courts also restricted how they could obtain this information.

JCitizen
JCitizen

of fair business practices. Right now I have run HP through the wringer for selling me DRM infested Media Center devices that don't deliver on content. Once the bean counters realize they have spent a month on phone conversations and expensive tech support on equipment that won't work because of DRM, maybe the hardware industry will finally wake up and reject any argument for continued implementation. The only way to wake up a greedy idiot is to slap him where it hurts; in the pocket book!!! Bear in mind, I'm not interested in stealing anything, I just want my content to work. If I'm going to pay hard earned imcome for expensive content, it better damn well play like advertised, or there will be hell to pay!!!

Neon Samurai
Neon Samurai

Dear Music Conglomerate, I thoroughly enjoyed this month's puzzle and look forward to next months challenge for your subscribers. Please find my solution attached; I hope it's right. I couldn't find the answers column in your publication but I was able to read all of the included audio without issue. Thanks for another great puzzle, keep up the good work! .. hehe ..

Dumphrey
Dumphrey

And I love it...oh yes.. don't we my Precious?

Locrian_Lyric
Locrian_Lyric

post it on 9 random sites, and then mail a copy to the company and dare them to find the ***10*** sites you posted it on. heh!

Dumphrey
Dumphrey

be funny if they just posted the letter and code on some random message board each time. Like what happened last time... by the time its taken down, its already to late :)

Locrian_Lyric
Locrian_Lyric

Dear Jerks, I just thought you'd like to know that your DRM specs aren't as tight as you thought. It took me all of about ten minutes to crack them, but another two weeks to mail this letter. Please release your next version ASAP, as I've already grown bored. PS: This time try to make it a challange. -A. Nonymous.

Dumphrey
Dumphrey

Neon. I can completely see your vision there.

Neon Samurai
Neon Samurai

Imagine someone sending the media companies the reverse engineered specs for there own DRM scheme shortly after new version release. If it was a character in a show, I'd run the hobby as a side storey that never really get's the entire focus of a show. You'd see the character mucking at papers or doodling in the background when not delivering plot forwarding lines. Every now and then he'd drop something in the mailbox or recieve a package with the latest legal notice. You could have the mailing done anonymously so the only feedback on the show is the odd cut to a RIAA boardroom full of unhappy grey haired members.

Dumphrey
Dumphrey

some how I know the old adage "the threat is worth more then the hit" applies here somehow. The trick would just be to convince them you had cracked their system... over and over again. And all that would take is a rumor mill on certain sites... But the big studios would want proof.... Hmmmm.... Time to pull out the foil thinking hat.

JCitizen
JCitizen

wake up to your reality or some version of Apple's music store and realize the monetary consequences of their dopey DR(Maleware) escapades. I so agree with you and Apotheon, but most of us just want something that works. We aren't interested in stealing anything, but the industry is stealing OUR money selling us digital rights maleware that DOESN'T WORK!!! We shall see what happens after I complain to several states attorneys general and the BBB and anyone who will listen to me for the rippoff they are foisting on us. We are happy to pay high prices for their crap, but it DOESN'T WORK!! This is highway robbery!!!!

Neon Samurai
Neon Samurai

Developers are a different thing entirely. Software creation adds into computing exploring what new tricks the machine can be made to do. I was thinking in terms of the pure support industries; repeat business from cronic home computer rebuilds and the size of the AV and protection software markets. The support industry is larger than the service industry and mostly because of things in the popular OS that could be fixed. "Without Windows, how would we get to visit and invoice our clients weekly?"

JCitizen
JCitizen

on a project right now. I've been struggling with the OEM and Widows Media Center on this for more than three weeks. I feel most of the problem is Windows for their poor implementation of DRM; especially in cable ready devices with PVR/DVR capability. My rig is infested with DRM from the ground up. It is the only way "hollywood" will let the vendors build such equipment. One of the things that makes me mad is Redmond is getting off lightly with this crap, and avoiding the bleme for it. I don't mind buying stuff like this, expensive or not; but I expect it to work. Hmmmm! Not working! No surprise, Huh!?!

phil
phil

Well actually I was being ironic and expressing the reality of the situation. The title was about a hidden consequence of DRM. The same argument could be said for all software products. If they all worked as envisaged our industry would be much smaller. Is every second stage re-programmer a parasite? It is a reality that software and IT systems are imperfect and PCs worked like a TV (press a button it works) many IT pros would be out of a job. Our business is also about efficency gains and correct use of technology. DRM is all about maintaining a big guaranteed income stream for copyright holders. It simply wouldn't be necessary if the goods were available at a price people would be happy to pay for. Remember "home taping" destroyed the music industry in the 80s. (thats a joke BTW).

JCitizen
JCitizen

the economic model upside down... A. Joe sixpack wants to buy music, but not only that he wants it in an original package, and to play it on his favorite DRM riddled device. B. Joe finds out his DRM riddled content won't play on his DRM riddled device. C. Joe gives up and downloads illegal content and plays it on the next piece of junk that works. Get the picture? This is economy turned upside down in my opinion. In fact it is the dumbest rip-off scheme I've ever heard of.

DaemonSlayer
DaemonSlayer

Your definition of demand is right, Dumphrey, as well as with marketing research failures. but UNFORTUNATELY... the RIAA will lie through their teeth on the extent and damages too. They will exaggerate to congress, the consumer, and their signed bands. Music Store sales are not calculated the same as distribution sales to the store, so losses automatically appear there. They won't tell you that little detail in their "loss" claims. They tell you they lose $xM dollars to piracy, BUT how did they determine that they were going to sell that amount PLUS what they claimed they sold thru regular channels anyway... perhaps they should market the software/procedures that tell you how much you should and will sell.

apotheon
apotheon

1. We're talking about an increase in demand for the band's music (not necessarily in CD form) in a situation where it gets wider recognition (more advertising, basically) as contrasted with one where everybody just boycotts it entirely and never tells anyone else about it. If you don't see where the term "demand" is being used correctly in this sense, you don't understand the term as well as you think. 2. Copyright infringement is not theft -- it's copyright infringement. I recommend you revisit your layman's understanding of the law on this matter and correct your use of the term "theft".

Dumphrey
Dumphrey

is VERY much dependent on the real-world usage of the word, which is close to the word "want", as you suggested. You are ignoring a very simple truth here in order to argue simple definition. While theft hurts profits, it can drastically increase awareness and knowledge of a band, exposing them to many more people then would otherwise hear them (I refuse to complain about poor radio stations [clearstation]here). This can lead to many more sales of end product (CDs, shirts, posters). Ethics aside, the RIAA has admitted defeat by using litigation. If you have to rely on litigation to defend your business model, you model is broken. There is no way they can stop the flow of P2P exchange. No more then the Govt. could stop alcohol in the 30's. David Byrne, Radio Head, and even (surprisingly) Madonna have found solutions to the changing industry in a global information society. Look into it, its educational. I could spend all afternoon arguing the definition of "demand" with you, we could even argue the definition of the word "is" if you like... but I am not an economist, I do not use words as if I was an economist. And I never claimed to. Your lack of any substantial argument confirms that you are mostly disagreeing for the sake of disagreeing. Maybe you feel I am condoning theft, which I am not. Maybe you work for one of the Studios. No idea. But arguing the technical definitions of words is at best a time waster and stalling technique designed to confuse your opponent and maybe let you sneak a real point in, or get them to acknowledge your garbage as valid...

jon_saxon
jon_saxon

You are using the word "demand" ignoring the actual economic definition of the word. Theft of property, intellectual or real, does not increase "economic demand" of that product. Theft decreases "economic demand." Of course, theft increases the distribution of intellectual property. But distribution or possession is not the same as demand. Look it up here: http://www.economist.com/research/economics/alphabetic.cfm?letter=D#demand Demand One of the two words economists use most; the other is SUPPLY. These are the twin driving forces of the market economy. Demand is not just about measuring what people want; for economists, it refers to the amount of a good or service that people are both willing and able to buy.

Locrian_Lyric
Locrian_Lyric

Lisa Lopez said that the company expensed the hell out of everything, and that they had something like 50K each from multimillion dollar sales of their records.

apotheon
apotheon

I don't so much play bass as play *at* it. I have what has been called a "pleasant tenor" voice, and can carry a tune in a bucket. I'm not as good at piano as I am at bass -- which obviously isn't saying too much. I'm not a professional, or even professional-quality, musician (yet, anyway). I do, however, pay an awful lot of attention to what's going on in the record industry, and when I lived in California I hung out with a few people who had been signed with some significant record labels. I think everyone could know a lot more about what goes on in the record industry if they just paid more attention to what's going on around them. The number of people who have forgotten about how TLC ended up filing for bankruptcy in the '90s is probably pretty surprisingly high, for instance. It doesn't take much paying attention to realize that the reason for the financial problems is the kind of contract TLC had with its label. The number of expos?s of contract practice written by people eyebrow-deep in the record industry (band members, producers, managers, former accounts executives, et cetera) that are floating around the Internet is kind of surprising, actually. I seem to recall that Oz Media has been personally involved in the industry as well, and has some harsh things to say about common practice and how the artists are abused.

Locrian_Lyric
Locrian_Lyric

I ask because you seem to know the inner workings of the business.

Dumphrey
Dumphrey

And I do agree with you. Thanks for bringing it up.

apotheon
apotheon

The more people get access to it, the more they will convince others to seek access to it. Those others, then, will do what they can to get access to it -- including buying CDs, going to concerts, et cetera. If a band releases a single and only sells five copies of it, but then 30,000,000 copies are downloaded from Facebook, a bunch of those downloaders are going to want to get the album and/or attend the band's live shows -- which will generate revenue. Artists buy the crap the RIAA sells them a lot of the time, and they tend to be artists (not economists), so they don't understand that trying to eke every single goddamned cent out of every single customer may actually hurt their ability to generate revenue. This is especially true considering that bands make a lot more money per concert attendee than they do per CD sold under standard record industry contracts. Recording artists would make a whole lot more money giving their music away online, and doing shows where they charge for tickets, than by doing everything the RIAA way. The record labels treat concert tours as advertising for the albums, but the bands should be treating albums as advertising for the shows where they perform.

Dumphrey
Dumphrey

is not limited to a person that can or will legally pay for a product. Lets say Band A realeases a new single. they sell 120,000 copies through iTunes. But, 2,000,000 peopel download the song from P2P. Whats the product demand? 120,000? or 2,120,000? Demand is not the same as profit or sales. Ideal profit is when you can make sales% == demand%. If Band B releases a new single, but only sells 5 copies, they are a flop, unless 30,000,000 copies of their song are downloaded from FaceBook. There is demand for the music, just not by a crowd that follows the standard distribution channels, and no revenue being generated by that demand. Which means the marketing research for the record label department failed, not the band. The RIAA is not angry at P2P users because they are downloading music, this measn there is demand for the music. The RIAA is angry because revenue is not being generated by those downloads. Artists are angry because they are not receiving royalties... Do you see where I am going with this? I am not the best at explaining stuff.

jon_saxon
jon_saxon

This is a different take on the issue of piracy. Can you explain how you conclude that stealing a product from a company increases demand for the product?

Dumphrey
Dumphrey

And that's the key, a double loss for them.

Jaqui
Jaqui

which is another good reason not to steal the content. yet they don't get my money either, so it is a complete loss for them.

Dumphrey
Dumphrey

all you do is increase demand for the product. Im not sure MS would be quite where they are now with out the rampant piracy and theft that went on with their OS/Office combo. But the point is, even stealing supports their cause, stronger in the case of DRM, then a legal purchase.

Dumphrey
Dumphrey

The artists can not change mid-contract, but they would eventually be able to move to another label, or influence the policy over their music. A central web site of bands on the Sony label would be interesting, especially if the "indie" labels owned by Sony could be listed as well.

apotheon
apotheon

Sounds like a good plan. Maybe I'll start doing that, too.

dickdowning
dickdowning

I have not only quit buying anything Sony and their subsidiaries put out music wise I have also started to write the performers whose CDs I would have bought. I tell them that I really like their stuff and would have bought their CD but I refuse to purchase anything associated with the company they are signed up with because the company treats me like a criminal.

Neon Samurai
Neon Samurai

I'm such a packrat, I must have it somewhere; now if only I could guess what brillian file name I gave it. ;)

Dumphrey
Dumphrey

Especially if I can integrate it into FreeNAS.

JackOfAllTech
JackOfAllTech

I've been buying and recommending them for years. No special software, no restrictions, just plug it in, copy your files over, and play. What could be better?

JackOfAllTech
JackOfAllTech

I'm not sure what causes some people to care and others not to, it's complicated. On the other hand, you have people that go over the deep end and are so fanatical about things they try to force you to agree with everything they believe in.

apotheon
apotheon

Let me know when you find that article, Neon Samurai. I'd like to see more about what you're discussing.

Dumphrey
Dumphrey

I avoid it as best as I can for many reasons (among them is borderline legality of codec usage). And 192 is a big jump in quality from 128. 256 is about optimum for my mp3 usage. I do not maintain a large electronic music collection, so storage is no real issue. My home stereo system was carefully built over several years, and it is not kind at all to MP3... And when it all comes home, I will have to admit a certain fondness for the physical CD, left over from the days of Vinyl and album liners and notes...

brian.mills
brian.mills

I'm not such an audiophile that I can really tell the difference between an MP3 and the CD, unless I'm listening reeeeeeaaaaaaally closely. I mostly listen to music either on my computer through some $35 Logitech 2.1 speakers I picked up a few years ago, on my iPod through some $5-$10 headphones, or in a car stereo with factory speakers. That's hardly the setup for distinguishing the fine differences between CD and MP3 quality. Besides, I rip to MP3 at 192kbps, so it's not quite as lossy. I've pondered using a higher-quality (and thus larger file size) format, but I've resisted mostly due to the fact that it would take substantially more hard drive space to store all my music, and new larger hard drives are pretty low on the purchase priority list right now. If I ever change my mind, most of my music was purchased on CD, so I can always re-rip if I so desire. Until then, I can carry around over 10,000 songs on my iPod with plenty of room to spare, and listen to them on my crappy headphones with no real discernible difference from the CDs I ripped them from.

Dumphrey
Dumphrey

the windows media protected files are only able to be played using an unsupported firmware off the iAudio web site... And I had no worries believing they were a real company after some short googleing and finding their products on Amazon among other places.

TripleII-21189418044173169409978279405827
TripleII-21189418044173169409978279405827

I bought from accessory genie, and have purchased other from MP4 nation. Absolutely no affiliation with eather. Just an FYI, in case you or others are worried, it is a true legitimate company, especially when you find their players at Circuit City Online. http://www.circuitcity.com/ccd/Search.do?c=1&searchType=user&keyword=meizu&searchSection=All&go.x=0&go.y=0 and out of stock most of the time, :D Getting back to the story, this is the unintended consequence of DRM, more economical, price/feature wise much better players when they DON'T focus or care about all this DRM crap. TripleII

Dumphrey
Dumphrey

looks good to me. Like I said, I will be getting one for my father =) If I had known about them at the time, I may have purchased one instead of the iAudio.

Neon Samurai
Neon Samurai

The article is not at hand but I remember reading about a setup where music is stored in FLAC on it's own partition. That partition can then be mounted to convert on the fly based on what you are feeding the music into. If your feeding it into your home sterio then the tracks can apear as mp3 or your prefered high fi codec. If your feeding it into your mp3 player then you can have it apear as low bitrate mp3 or ogg. I have to look into it further but it's been a secondary interest until I have a proper file server up and running.

Dumphrey
Dumphrey

then I am impressed. After getting used to the iAudio, I feel sad for people still using horrid iPods that use badly set tone controls to compensate for lower quality DAC's. I do admit that my X5 was not cheep. but it supports more file formats then any other at the time, plays video, has a line out that bypasses all internal audio processing, and acts as a mass storage device to any OS. Battery life is about 25-28 hours per full charge (X5 has an extended battery). It is larger then an iPod, but still small enough for a shirt pocket. I will defiantly have to look into your suggestion. EDIt: Just browsed over to the meizu web site, and I like what I saw, especially the music card line. Thanks for the heads up. One of those would make a good birthday present for my father. question: do they [meizu] have a resume play feature (from last stopping point/power off point) and or a bookmarking feature?

TripleII-21189418044173169409978279405827
TripleII-21189418044173169409978279405827

It always has been, Q6 to Q8 ogg. (Q8 for the last few years), however, Amazon only sells MP3. I have a Meizu M6, full ogg support and an awesome player. For 1/2 the price of anything i*, and much better sound quality, it really is a great player. I tend to steer others toward OGG supported players, and always, unconditionally, towards a player that is simply USB mass storage. That is the only true "Plays For Sure" access method. About 3/4 run linux primarily now too (I stopped Windows support about 3 years ago to preserve sanity), and Amarok always pleases. TripleII

Dumphrey
Dumphrey

flac files sound pretty good on portable devices. They just do not compress as well as the lossy formats. My earlyer post was a typo btw, I meant to say FLAC, not LAME...

apotheon
apotheon

You need to hit these people up with the practical consequences of DRM, too. Educate them about the security issues involved in using anything that comes with DRM, and how those security issues could affect them personally. That may not work with everyone, either, but it's worth a shot.

apotheon
apotheon

I prefer keeping FLAC files of all my music on a file server (since it's a lossless codec), and creating Ogg Vorbis copies for carrying around with me (since they're smaller).

Dumphrey
Dumphrey

That I really do not use MP3s to any great extent. I do not buy music online, as a CD is a better investment in quality. 128 kbps MP3 is not CD quality. You can hear the compression and truncation of the music. If on line music companies want my business, they need to be offering high bit rate lossless options, not substandard mp3. An mp3 is a "lossy" compression format to begin with. The DRM sub system adds yet another layer in this "recode/decode" chain that degrades performance. the playback restrictions that these systems are putting on end users is what hold s them back from surpassing the plain DVD. SuperAudioCd and the Audio DVD version came and "went" with barely a peep. Sure, some titles are still available, and some players can still handle the format. But it was never user-friendly. Even rabid audiophiles (especially) did not want to use 5 or 6 analog cables to connect a digital player to their amp, bypassing the much superior DACs on their pre-amps for the crap ones in the cd player. A single toslink would have been fine. If manufacturers had allowed that set up, the end users would have adopted it, the sound quality is better after all. There would have been some copying of music, some pirating, but over all, they would have vastly increased their sales.

Dumphrey
Dumphrey

LAME and Ogg Vorbis. They really are better codecs then MP3, as well as being open source. Many portable media players can handle these formats now as well. Especially the iAudio from cowan.

TripleII-21189418044173169409978279405827
TripleII-21189418044173169409978279405827

Sony won the "war" because it bundled the player in their playstation. Sales of actual Blu-Ray titles is meager at best. Look at music. "PrayForSure" was the BEST thing to ever happen to digitial music. It was so intrusive and buggy that it demonstrated to the common person what DRM was and how much they hate it. When people just stopped buying content because of the DRM, they had to give in. Today, the best Blu-Ray players are buggy, slow, intrusive and VERY complicated. Now, if they couldn't get "MaybePlays" bulletproof, what hope do they have of AACS and BD+ revocation and update mechanisms to work without continually hosing those foolish enough to adopt the technonology. Honestly, I can't wait until they start trying to revoke players, revoke keys, update players, etc, it is going to be a class action lawsuit frenzy. TripleII P.S. Being the "tech guy" in the family, I have a lot of influence. Probably 50+ MP3 players (no Apple) and teach how to use universal format (MP3).

brian.mills
brian.mills

...movies, but that has more to do with the high price than the DRM, though that would be a compelling argument if my financial situation changes. For now any movies I want to watch I just add to my Netflix list. If I want to watch it again someday, I can always add it to the list and rent it again. As for music, I only buy non-DRM music online, and if it's not available, I either live without or buy the CD at double the cost and rip it to a non-DRM format on my computer when I get home. The only real reason for CDs at my house is so we can listen to them in our cars. I really don't think that enough people care about their rights anymore to make much of an impact on the music and movie industries. Just look around the US and see how many rights have been given up in the name of "safety". I really don't think a little thing like the right to make a backup of a movie will be missed when people aren't even missing the right to privacy they're too eager to give up.

boxfiddler
boxfiddler

I bring this up at work and with friends, and as far as I can tell they just don't care. If they want that movie, by gosh they are going to have it no matter the ethical questions involved with providing it to the masses. I shudder to think where that kind of attitude will take us in future if it remains unchecked. I have a whole host of companies and products that I boycott for a variety of ethical reasons. Most of which people don't think about or care about. It is really sad to me.

Editor's Picks